-
Overview
From Elasticsearch, suricata.eve.timestamp is one field name.
-
Suricata
Suricata is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS).
It was developed by the Open Security Foundation (OSF).
Suricata is a free and open-source, mature, fast and robust network threat detection engine.
The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.
-
EVE JSON Output
The EVE output facility outputs alerts, anomalies, metadata, file info and protocol specific records through JSON.
The most common way to use this is through ‘EVE’, which is a firehose approach where all these logs go into a single file.
-
An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations.
-
The Open Security Foundation (OSF) was a 501(c)(3) non-profit public organization “founded and operated by information security enthusiasts”.
-
suricata.eve.timestamp
type: alias
alias to: @timestamp
This is one of the Suricata fields; the Suricata fields are one of the categories of Exported fields that Filebeat exports.
-
Suricata fields: module for handling the EVE JSON logs produced by Suricata.
suricata: fields from the Suricata EVE log file;
eve: fields exported by the EVE JSON logs.
Understanding suricata.eve.timestamp
Origin blog.csdn.net/The_Time_Runner/article/details/113001780